author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-29 16:41:38 -0600 |
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-30 08:47:21 -0600 |
commit | cda3a989415ce8aa0ff8e13f101e119323c5c557 (patch) | |
tree | 1e2480f192496f1632171ca2bbbe8e25c0c5ea70 /tunnel/deterministicguid.go | |
parent | version: hard code name and version at compile time (diff) | |
tunnel: allow disabling deterministic GUIDs for external consumers
Diffstat (limited to 'tunnel/deterministicguid.go')
-rw-r--r-- | tunnel/deterministicguid.go | 52 |
1 files changed, 31 insertions, 21 deletions
diff --git a/tunnel/deterministicguid.go b/tunnel/deterministicguid.go
index c23dbab3..8c0f34c0 100644
--- a/tunnel/deterministicguid.go
+++ b/tunnel/deterministicguid.go
@@ -19,6 +19,10 @@ import (
 )
 
 const deterministicGUIDLabel = "Deterministic WireGuard Windows GUID v1 jason@zx2c4.com"
+const fixedGUIDLabel = "Fixed WireGuard Windows GUID v1 jason@zx2c4.com"
+
+// Escape hatch for external consumers, not us.
+var UseFixedGUIDInsteadOfDeterministic = false
 
 /* All peer public keys and allowed ips are sorted. Length/number fields are
 * little endian 32-bit. Hash input is:
@@ -40,7 +44,11 @@ const deterministicGUIDLabel = "Deterministic WireGuard Windows GUID v1 jason@zx
 func deterministicGUID(c *conf.Config) *windows.GUID {
 b2, _ := blake2s.New256(nil)
- b2.Write([]byte(deterministicGUIDLabel))
+ if !UseFixedGUIDInsteadOfDeterministic {
+ b2.Write([]byte(deterministicGUIDLabel))
+ } else {
+ b2.Write([]byte(fixedGUIDLabel))
+ }
 b2Number := func(i int) {
 if uint(i) > uint(^uint32(0)) {
 panic("length out of bounds")
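Review bot: `UseFixedGUIDInsteadOfDeterministic` is an exported, unsynchronized package-level variable that `deterministicGUID` reads on every call (second hunk), so a consumer that sets it while another goroutine is creating a tunnel has a data race, and a flip between two calls yields two different GUIDs for the same config; the comment should spell out that contract and start with the name, e.g. `// UseFixedGUIDInsteadOfDeterministic makes the adapter GUID depend only on the tunnel name (hashed under fixedGUIDLabel) rather than on name, interface key and peers. Set it once, before any tunnel is created, and never change it afterwards; it is an escape hatch for external consumers and unused by WireGuard itself.` The negated `if !… { deterministic } else { fixed }` in the second hunk reads more naturally as a positive selection, `label := deterministicGUIDLabel` / `if UseFixedGUIDInsteadOfDeterministic { label = fixedGUIDLabel }` / `b2.Write([]byte(label))`, which also keeps the single `Write` call. `deterministicGUID`'s body continues past this hunk into the next one.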
@@ -60,27 +68,29 @@ func deterministicGUID(c *conf.Config) *windows.GUID {
 }
 b2String(c.Name)
- b2Key(c.Interface.PrivateKey.Public())
- b2Number(len(c.Peers))
- sortedPeers := c.Peers
- sort.Slice(sortedPeers, func(i, j int) bool {
- return bytes.Compare(sortedPeers[i].PublicKey[:], sortedPeers[j].PublicKey[:]) < 0
- })
- for _, peer := range sortedPeers {
- b2Key(&peer.PublicKey)
- b2Number(len(peer.AllowedIPs))
- sortedAllowedIPs := peer.AllowedIPs
- sort.Slice(sortedAllowedIPs, func(i, j int) bool {
- if bi, bj := sortedAllowedIPs[i].Bits(), sortedAllowedIPs[j].Bits(); bi != bj {
- return bi < bj
- }
- if sortedAllowedIPs[i].Cidr != sortedAllowedIPs[j].Cidr {
- return sortedAllowedIPs[i].Cidr < sortedAllowedIPs[j].Cidr
- }
- return bytes.Compare(sortedAllowedIPs[i].IP[:], sortedAllowedIPs[j].IP[:]) < 0
+ if !UseFixedGUIDInsteadOfDeterministic {
+ b2Key(c.Interface.PrivateKey.Public())
+ b2Number(len(c.Peers))
+ sortedPeers := c.Peers
+ sort.Slice(sortedPeers, func(i, j int) bool {
+ return bytes.Compare(sortedPeers[i].PublicKey[:], sortedPeers[j].PublicKey[:]) < 0
 })
- for _, allowedip := range sortedAllowedIPs {
- b2String(allowedip.String())
+ for _, peer := range sortedPeers {
+ b2Key(&peer.PublicKey)
+ b2Number(len(peer.AllowedIPs))
+ sortedAllowedIPs := peer.AllowedIPs
+ sort.Slice(sortedAllowedIPs, func(i, j int) bool {
+ if bi, bj := sortedAllowedIPs[i].Bits(), sortedAllowedIPs[j].Bits(); bi != bj {
+ return bi < bj
+ }
+ if sortedAllowedIPs[i].Cidr != sortedAllowedIPs[j].Cidr {
+ return sortedAllowedIPs[i].Cidr < sortedAllowedIPs[j].Cidr
+ }
+ return bytes.Compare(sortedAllowedIPs[i].IP[:], sortedAllowedIPs[j].IP[:]) < 0
+ })
+ for _, allowedip := range sortedAllowedIPs {
+ b2String(allowedip.String())
+ }
 }
 }
 return (*windows.GUID)(unsafe.Pointer(&b2.Sum(nil)[0])) |
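Review bot: `sortedPeers := c.Peers` and `sortedAllowedIPs := peer.AllowedIPs` alias the caller's slices, so the two `sort.Slice` calls reorder the peers and each peer's allowed IPs inside the passed `*conf.Config` as a side effect of computing a GUID, and after this change that mutation happens only when the global flag is unset, so what the function does to its input now depends on process-wide state. The aliasing predates the commit, but moving the block under the new `if` is the moment to sort detached copies instead: `sortedPeers := append(c.Peers[:0:0], c.Peers...)` and `sortedAllowedIPs := append(peer.AllowedIPs[:0:0], peer.AllowedIPs...)`, which keeps the hash input identical while leaving the config untouched. `deterministicGUID`'s signature and the `b2Number`/`b2String` helpers it uses are in the preceding hunk, not this one.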